CN104052634A - Information security monitoring system and method - Google Patents


Publication number
CN104052634A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410234998.1A
Other languages
Chinese (zh)
Other versions
CN104052634B (en)
Inventor
王玮
严文涛
苏琦
吕冬
周伟
崔晓东
穆林
戚文淼
赵茜
邹静
秦垒垒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd
Application filed by State Grid Corp of China SGCC, Information and Telecommunication Branch of State Grid Shandong Electric Power Co Ltd filed Critical State Grid Corp of China SGCC

Abstract

The invention provides an information security monitoring system and method. The system comprises a monitoring layer, a switching layer, a data layer, a service layer, an exhibition layer and a user layer. The monitoring layer is a monitored network which comprises all monitored objects and data collecting devices corresponding to the monitored objects. The switching layer is a uniform data collecting port. The data layer comprises a monitoring database, an index analysis library and a specialist database and is used for providing data support for system analysis and judgment. The service layer comprises a J2EE platform and a Tomcat middleware and is used for displaying data on the exhibition layer by means of a web service technique. The exhibition layer is a display platform which is provided with a monitoring module, a recovery module and a warning module. The user layer comprises a plurality of mobile terminals and is used for receiving fault information. According to the method, by means of data analysis and comparison, automatic searching and matching can be carried out, one or more solutions can be provided, and the whole system and method achieve comprehensive monitoring and intelligent recovery of the monitored network.

Description

Information security monitoring system and method
Technical field
The present invention relates to information security monitoring technology, and specifically to an information security monitoring system and method.
Background art
As enterprises at home and abroad apply information systems ever more deeply, their dependence on those systems grows day by day, and the secure and stable operation of information systems becomes increasingly important.
Although the standard functions of each information system allow scattered manual checks of operating system and hardware indicators, and State Grid's existing IMS system can monitor whether the service functions of each business system are normal along with a limited number of interfaces, neither approach can monitor the running status of the information systems and the state of all interfaces in a unified way. Still less can they give early warning and predictive analysis of fault risks, or propose an intelligent fault repair scheme when a fault occurs.
Summary of the invention
To address the above problems, the invention provides an information security monitoring system and method that solve the incomplete coverage of existing information monitoring systems and enable faults to be analysed and judged.
The present invention adopts the following technical solution: an information security monitoring system, characterized in that the system comprises a monitoring layer, a switching layer, a data layer, a service layer, an exhibition layer and a user layer. The monitoring layer is the monitored network, which comprises all monitored objects and the data acquisition device corresponding to each monitored object; all monitored objects and data acquisition devices are connected into a whole by the network and network protocols. The switching layer is a unified data acquisition interface, through which the data collected by the acquisition devices is sent to the data layer and saved. The data layer comprises a monitoring database, an index analysis library and an expert database: the monitoring database stores all monitoring data, the index analysis library stores all normal index data of all monitored objects, and the expert database stores all fault models; the data layer provides data support for system analysis and judgment. The service layer comprises a J2EE platform and Tomcat middleware and uses web services technology to convert the data stored in the data layer into the corresponding display type and send it to the exhibition layer for display. The exhibition layer is a display platform provided with a monitoring module, a repair module and an alarm module: the monitoring module can retrieve and display all monitoring data, the repair module can analyse and repair monitored objects according to the information in the index analysis library and the expert database, and the alarm module sends fault information to the user layer. The user layer comprises several mobile terminals, which receive the fault information.
Further, the monitored objects comprise computer and server hosts, application middleware, the databases installed on the computers and servers, and network equipment such as switches and routers. The computer and server hosts, the application middleware and the databases installed on the computers and servers communicate data directly with the switching layer, while network equipment such as switches and routers exchanges data with the switching layer through a firewall and an IPS.
Further, the network protocols comprise at least the following: TCP/IP, SNMP, HTTP, SSH, Telnet.
Further, a fault model comprises at least the following content: fault code, fault description, fault cause, repair script, solution.
Further, the display type is one or more of the following forms: graph, table, page.
Further, the mobile terminal is one or more of the following devices: mobile phone, iPad, computer, landline telephone.
Further, the monitoring information is received in one or more of the following ways: page pop-up, SMS, e-mail, telephone call.
Using the information security monitoring system, an information security monitoring method is designed, characterized in that the method comprises the following steps:
Step S101: collect detailed device status data and traffic data;
Step S102: store all the data;
Step S103: compare the data for anomalies;
Step S104: analyse and display the fault cause;
Step S105: notify the relevant personnel and repair the fault.
Further, in step S103, if no anomaly is found during the comparison, the real-time data of the device is displayed in forms such as graphs, tables and pages.
Further, the fault cause is analysed as follows: the abnormal data is compared with the fault models one by one, the fault model with the highest similarity is found, and that fault model is then retrieved and displayed.
The beneficial effects of the invention are:
1. The system uses facilities such as a firewall and an IPS together with a unified data interface to collect data comprehensively from several different types of equipment, such as office terminals, server hosts, application middleware, databases and network equipment, and thus obtains more comprehensive monitoring data.
2. An index analysis library is provided in which known-normal device status data and traffic data are stored, so that anomalies in the monitoring data can be found at the earliest moment, improving monitoring efficiency.
3. The expert database built from a large number of fault models makes it possible to judge the fault type intelligently and to display the troubleshooting method, saving labour cost and improving working efficiency.
Brief description of the drawings
Fig. 1 is a structural diagram of the system of the invention;
Fig. 2 is a flow chart of the method of the invention.
Detailed description of the embodiments
As shown in Fig. 1, the information security monitoring system comprises a monitoring layer, a switching layer, a data layer, a service layer, an exhibition layer and a user layer.
The monitoring layer is the monitored network, which comprises all monitored objects and the data acquisition device corresponding to each monitored object; all monitored objects and data acquisition devices are connected into a whole by the network and network protocols. The monitored objects comprise office terminal computers and server hosts, application middleware, databases, and network equipment such as switches and routers. The office terminals, server hosts, application middleware and databases communicate data directly with the switching layer, while network equipment such as switches and routers exchanges data with the switching layer through a firewall and an IPS. The network protocols comprise at least the following: TCP/IP, SNMP, HTTP, SSH, Telnet.
The switching layer is a unified data acquisition interface, through which the data collected by the acquisition devices is sent to the data layer and saved.
The data layer comprises a monitoring database, an index analysis library and an expert database. The monitoring database stores all monitoring data, the index analysis library stores all normal index data of all monitored objects, and the expert database stores all fault models. A fault model comprises at least the following content: fault code, fault description, fault cause, repair script, solution. The data layer as a whole provides data support for system analysis and judgment.
The service layer comprises a J2EE platform and Tomcat middleware and uses web services technology to convert the data stored in the data layer into the corresponding display types, such as graphs, tables and pages, and send it to the exhibition layer for display.
The exhibition layer is a display platform provided with a monitoring module, a repair module and an alarm module. The monitoring module can retrieve and display all monitoring data, the repair module can analyse and repair monitored objects according to the information in the index analysis library and the expert database, and the alarm module sends fault information to the user layer.
The user layer comprises different mobile terminals such as mobile phones, iPads, computers and landline telephones. For iPads and computers, reception by page pop-up and e-mail is provided; for mobile phones, reception by SMS, e-mail and telephone call; for landline telephones, reception by telephone call.
Using the above information security monitoring system, an information security monitoring method is designed. As shown in Fig. 2, the method comprises the following steps:
Step S101: use the monitored objects themselves in the monitoring layer, or corresponding collection devices such as the firewall and IPS, to collect detailed device status data and traffic data;
Step S102: through the data interface of the switching layer, transfer all the data to the monitoring database of the data layer for storage;
Step S103: the repair module retrieves the normal device index data from the index analysis library and the collected data from the monitoring database, and compares them to determine whether the collected data contains an anomaly. If no anomaly is found during the comparison, the real-time data of the device is displayed in forms such as graphs, tables and pages; if an anomaly is found, proceed to the next step;
Step S104: the repair module retrieves the fault models in the expert database, compares the abnormal data with the fault models one by one, finds the one or more fault models with the highest similarity, and then retrieves and displays those fault models;
Step S105: the alarm module notifies the user layer. For faults that can be corrected by simple operations such as a restart, parameter adjustment or switch control, the repair module can direct the corresponding actuator to complete the operation; for faults that cannot be handled automatically, the system waits for personnel to come and carry out maintenance.
In the above system and method, the criteria for several main kinds of monitoring data in the monitored network are as follows:
1. For server hosts and office terminal computers:
Monitored item | Index value | Action
--- | --- | ---
CPU | CPU utilization rate > 80% | Audible alarm, SMS alarm, handling suggestion
Memory | Memory usage > 50% | Audible alarm, SMS alarm, handling suggestion
Disk space | Disk space > 80% | Audible alarm, SMS alarm, handling suggestion
2. For business application middleware:
3. For databases on the computers:
Monitored item | Index value | Action
--- | --- | ---
Database table space | Remaining table space < 10% | Audible alarm, SMS alarm, handling suggestion
Session number | Session number > 80% | Audible alarm, SMS alarm, handling suggestion
Database running status | Node cannot be connected, table locked | Audible alarm, SMS alarm, handling suggestion
RAC service state | Service state is abnormal | Audible alarm, SMS alarm, handling suggestion
Several common fault models are described below:
The expert database is improved gradually as the system is used. The above are preset fault models; as the system runs and new fault types appear, the content of the expert database is gradually expanded.
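Steps S103 to S105 applied to the host and database criteria listed above, as an added Python example that is not part of the patent. The patent does not define its similarity measure, so Jaccard similarity over the set of breached metrics is an assumption, as are the metric names, the `symptoms` and `auto_repairable` fields, the `min_score` cut-off, the script names and the three constructed fault models.

```python
from dataclasses import dataclass

# Alarm rules taken from the host and database criteria tables (percent values).
THRESHOLDS = {
    "cpu_util": (">", 80),            # CPU utilization rate > 80%
    "mem_util": (">", 50),            # Memory usage > 50%
    "disk_util": (">", 80),           # Disk space > 80%
    "db_tablespace_free": ("<", 10),  # Remaining table space < 10%
    "db_sessions": (">", 80),         # Session number > 80%
}


@dataclass(frozen=True)
class FaultModel:
    # The five fields the patent requires of a fault model ...
    code: str
    description: str
    cause: str
    repair_script: str
    solution: str
    # ... plus two assumed fields used for matching and for gating auto-repair.
    symptoms: frozenset
    auto_repairable: bool


# Constructed expert-database entries (hypothetical, not from the patent).
EXPERT_DB = [
    FaultModel("F001", "Host overloaded", "Runaway application process",
               "restart_service.sh", "Restart the affected service",
               frozenset({"cpu_util", "mem_util"}), True),
    FaultModel("F002", "Disk nearly full", "Unrotated log files",
               "rotate_logs.sh", "Rotate and archive logs",
               frozenset({"disk_util"}), True),
    FaultModel("F003", "Database capacity exhausted", "Table space and sessions at limit",
               "", "DBA extends the table space and reviews session leaks",
               frozenset({"db_tablespace_free", "db_sessions"}), False),
]


def find_anomalies(sample):
    """S103: compare one collected sample with the normal-index thresholds."""
    anomalies = set()
    for metric, (op, limit) in THRESHOLDS.items():
        if metric not in sample:
            continue  # metric not collected for this monitored object
        value = sample[metric]
        if (op == ">" and value > limit) or (op == "<" and value < limit):
            anomalies.add(metric)
    return anomalies


def jaccard(a, b):
    """Similarity of two symptom sets: |a & b| / |a | b| (assumed measure)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def match_fault_models(anomalies, models=EXPERT_DB, min_score=0.3):
    """S104: score every fault model, keep plausible ones, best first."""
    scored = [(jaccard(anomalies, m.symptoms), m) for m in models]
    kept = [(s, m) for s, m in scored if s >= min_score]
    return sorted(kept, key=lambda sm: (-sm[0], sm[1].code))


def handle_sample(sample):
    """S103 to S105 for one sample; returns the decision instead of acting."""
    anomalies = find_anomalies(sample)
    if not anomalies:
        return {"status": "normal", "anomalies": [], "matches": [],
                "alarm": False, "auto_repair": None}
    matches = match_fault_models(anomalies)
    best = matches[0][1] if matches else None
    # Only name a repair script for models explicitly marked as simple,
    # automatable operations; everything else waits for an operator.
    script = best.repair_script if best and best.auto_repairable else None
    return {"status": "fault", "anomalies": sorted(anomalies),
            "matches": [(round(s, 2), m.code) for s, m in matches],
            "alarm": True, "auto_repair": script}


if __name__ == "__main__":
    # Constructed samples.
    print(handle_sample({"cpu_util": 92, "mem_util": 61, "disk_util": 40}))
    print(handle_sample({"db_tablespace_free": 5, "db_sessions": 85}))
```

Keeping the automatic path behind an explicit per-model flag mirrors the split in step S105 between simple operations the repair module may perform and faults left for personnel.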
Apart from the structure described in the present invention, the rest is prior art.
The above is the preferred embodiment of the invention. Those skilled in the art can make improvements and modifications without departing from the principle of the invention, and such improvements and modifications also fall within the protection scope of the invention.

Claims (10)

1. An information security monitoring system, characterized in that the system comprises a monitoring layer, a switching layer, a data layer, a service layer, an exhibition layer and a user layer; the monitoring layer is the monitored network, which comprises all monitored objects and the data acquisition device corresponding to each monitored object, and all monitored objects and data acquisition devices are connected into a whole by the network and network protocols; the switching layer is a unified data acquisition interface, through which the data collected by the acquisition devices is sent to the data layer and saved; the data layer comprises a monitoring database, an index analysis library and an expert database, the monitoring database stores all monitoring data, the index analysis library stores all normal index data of all monitored objects, the expert database stores all fault models, and the data layer provides data support for system analysis and judgment; the service layer comprises a J2EE platform and Tomcat middleware and uses web services technology to convert the data stored in the data layer into the corresponding display type and send it to the exhibition layer for display; the exhibition layer is a display platform provided with a monitoring module, a repair module and an alarm module, the monitoring module can retrieve and display all monitoring data, the repair module can analyse and repair monitored objects according to the information in the index analysis library and the expert database, and the alarm module sends fault information to the user layer; the user layer comprises several mobile terminals, which receive the fault information.
2. The information security monitoring system according to claim 1, characterized in that the monitored objects comprise computer and server hosts, application middleware, the databases installed on the computers and servers, and network equipment such as switches and routers; the computer and server hosts, the application middleware and the databases installed on the computers and servers communicate data directly with the switching layer, and network equipment such as switches and routers exchanges data with the switching layer through a firewall and an IPS.
3. The information security monitoring system according to claim 1 or 2, characterized in that the network protocols comprise at least the following: TCP/IP, SNMP, HTTP, SSH, Telnet.
4. The information security monitoring system according to claim 1 or 2, characterized in that a fault model comprises at least the following content: fault code, fault description, fault cause, repair script, solution.
5. The information security monitoring system according to claim 1 or 2, characterized in that the display type is one or more of the following forms: graph, table, page.
6. The information security monitoring system according to claim 1 or 2, characterized in that the mobile terminal is one or more of the following devices: mobile phone, iPad, computer, landline telephone.
7. The information security monitoring system according to claim 6, characterized in that the monitoring information is received in one or more of the following ways: page pop-up, SMS, e-mail, telephone call.
8. An information security monitoring method, characterized in that the method comprises the following steps:
Step S101: collect detailed device status data and traffic data;
Step S102: store all the data;
Step S103: compare the data for anomalies;
Step S104: analyse and display the fault cause;
Step S105: notify the relevant personnel and repair the fault.
9. The information security monitoring method according to claim 8, characterized in that, in step S103, if no anomaly is found during the comparison, the real-time data of the device is displayed in forms such as graphs, tables and pages.
10. The information security monitoring method according to claim 8 or 9, characterized in that the fault cause is analysed as follows: the abnormal data is compared with the fault models one by one, the fault model with the highest similarity is found, and that fault model is then retrieved and displayed.
CN201410234998.1A 2014-05-30 2014-05-30 Information security monitoring system and method Active CN104052634B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410234998.1A CN104052634B (en) 2014-05-30 2014-05-30 Information spy system and method

Publications (2)

Publication Number Publication Date
CN104052634A (en) 2014-09-17
CN104052634B (en) 2015-09-02

Family

ID=51505018

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant